378 matches found
The vulnerability of the J-Web interface on Juniper Networks Junos OS-based operating systems in SRX and EX devices allows a hacker to execute arbitrary code.
The vulnerability of the J-Web interface on Juniper Networks Junos OS operating systems on SRX and EX devices is related to the ability to write beyond the buffer boundaries into memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Juniper Networks has released updates to fix a critical remote code execution RCE vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. "An out-of-bounds write vulnerability in J-Web of Juniper Networks Jun...
CVE-2024-21591
CVE-2024-21591 is an out-of-bounds write vulnerability in Juniper Networks Junos OS J-Web affecting SRX Series and EX Series. An unauthenticated, network-based attacker can cause a Denial of Service or Remote Code Execution and obtain root privileges on affected devices. The flaw stems from use o...
CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS, or Remote Code Execution RCE and obtain root privileges on the device. This issue is caused by use of an...
CVE-2024-21591 Junos OS: SRX Series and EX Series: Security Vulnerability in J-web allows a preAuth Remote Code Execution
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS, or Remote Code Execution RCE and obtain root privileges on the device. This issue is caused by use of an...
PT-2024-1048 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S9 Junos OS 21.2 versions prior to 21.2R3-S7 Junos OS 21.3 versions prior to 21.3R3-S5 Junos OS 21.4 versions prior to 21.4R3-S5 Junos OS 22.1 versions prior to 22.1R3-S4 Junos OS 22.2 versions prior to...
Junos J-Web Detection
Binary data junosjwebdetect.nbin...
VulnCheck KEV: CVE-2022-22242
A Cross-site Scripting XSS vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS...
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is...
Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an...
Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability
Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
The vulnerability of the J-Web interface in Juniper Networks Junos OS allows a hacker to execute arbitrary code.
The vulnerability of the J-Web interface in Juniper Networks Junos OS systems is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 PoC Automation Script This script provides an...
Juniper SRX Firewall / EX Switch Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' require 'net/ssh' require 'net/ssh/commandstream' class MetasploitModule 'Junos OS PHPRC Environment Variable Manipulation RCE', 'Description' = %q...
Juniper SRX Firewall / EX Switch Remote Code Execution Exploit
This Metasploit module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices running FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP...
Junos OS PHPRC Environment Variable Manipulation RCE
This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The...
CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
Authentication flaw
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
CVE-2023-36851 Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...